A quick fix is to modify pfs-ftp.c:130 from:
hostname = str_chr_index (host, '@');
to
hostname = str_chr_rindex (host, '@');
This would allow all of us unlucky users to login to our servers.
I tested it and it works (at least for me).
A similar fix could be used also for sftp, if necessary.
I can't help thinking that ~/.netrc is the best way to go, though:

easily parseable, allows to use any char you want in usernames and
passwords, and doesn't leave potentially sensible infos in .bash_history
or as tla commands output. What do you think?